Micro
1-9 employees
£299.99+ VAT
One-off · no recurring fee
- IASME-licensed certificate
- 6-hour SLA on compliant submissions
- 3 free re-submissions
- £25k cyber liability insurance
Cyber Essentials certification, certified in under 6 hours.
The fastest Cyber Essentials certification in the UK - guaranteed within 6 hours for compliant submissions, three free feedback rounds if you need them, and a 100% pass rate for buyers who use our free readiness checker. IASME-licensed. From £299.99 + VAT.
6 hours
Certified turnaround guarantee
£299.99
Micro tier starting price + VAT
12 months
Certificate validity
Quick answers
The five things buyers ask first.
- How much does Cyber Essentials cost?
- From £299.99 + VAT for Micro (1-9 employees). The cheapest IASME-licensed CE body in the UK.
- How fast is certification?
- 6 working hours for compliant submissions - or a full refund. The fastest in the UK.
- Is Fig Group IASME-licensed?
- Yes - Fig Group is an IASME-licensed Cyber Essentials certification body, not a reseller.
- Which scheme version is in effect?
- Cyber Essentials v3.3, effective 28 April 2026.
- Is Fig Group independently verifiable?
- Yes - Companies House #16845978, ICO ZC072182, and listed in the IASME directory.
Transparent, Competitive Pricing
Choose your organisation size and certification level
Cyber Essentials
Self-assessed · 6-hour SLA
Small
10-49 employees
£399.99+ VAT
One-off · no recurring fee
- IASME-licensed certificate
- 6-hour SLA on compliant submissions
- 3 free re-submissions
- £25k cyber liability insurance
Medium
50-249 employees
£449.99+ VAT
One-off · no recurring fee
- IASME-licensed certificate
- 6-hour SLA on compliant submissions
- 3 free re-submissions
- £25k cyber liability insurance
Large
250+ employees
£549.99+ VAT
One-off · no recurring fee
- IASME-licensed certificate
- 6-hour SLA on compliant submissions
- 3 free re-submissions
- £25k cyber liability insurance
Cyber Essentials Plus
Third-party verified · 1-3 days
Micro
1-9 employees
£1,499+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Small
10-49 employees
£1,999+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Medium
50-249 employees
£2,799+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Large
250+ employees
£4,499+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Fully inclusive
No hidden assessment fees, surprise consultancy charges, or mandatory add-ons.
Dedicated support
Named human assessor support throughout every certification.
Readiness checker included
Free pre-assessment readiness checker included with every package.
6 hours or your money back. Cyber Essentials returned in 6 working hours of compliant submission, or a full refund. The standard IASME certification fee starts at £320 + VAT; Fig Group’s Cyber Essentials Micro starts at £299.99 + VAT - below the standard rate.
Terms, evidence and claim qualification: /trust/claims
Need custom enterprise pricing or a multi-organisation package?
Talk to the teamOverview
IASME-licensed in London, the fastest Cyber Essentials certification body in the UK.
Fig Group is an IASME-licensed Cyber Essentials certification body assessing organisations of every size for both Cyber Essentials and Cyber Essentials Plus under the NCSC-backed scheme.
- Six-hour SLA - on compliant Cyber Essentials submissions - the fastest of any IASME-licensed UK certification body.
- Government-contract ready - IASME-licensed evidence accepted under PPN 014/21 for UK central-government suppliers and supply-chain bidders.
- Fully transparent pricing - Published flat fee, no hidden charges, no consultancy upsells, no revenue-based quoting.
Based in
London, UK
Turnaround
6 hours, guaranteed
Cyber Essentials
From £299.99 + VAT
Cyber Essentials Plus
From £1,499 + VAT
From our Google reviews
What Fig Group customers say
Google rating: 5-star, from verified Google reviews
“The process was extremely efficient: short phone call, submission, pass. Highly recommended.”
Tatiana Charkova · Liberty Towers Ltd - London-based recruitment agency · Google review ·
“We recently completed our Cyber Essentials certification with Fig Group and had a great experience from start to finish....”
Luc Fountain · Liberty Towers Ltd - London-based recruitment agency · Google review ·
“Excellent Service, Professional handling and support, the best for fast track”
John Patounas · Google review ·
“Purchased a cyber essentials self assessment. Turned it around in under 2 hours. Great team.”
R K · Google review ·
“Great service and fast turnaround. Working with the Fig Group to achieve our Cyber Essentials accreditation was a really positive experience. A process I have previously found long-winded and difficult was made straightforward and simple from start to finish. Communication was clear, the turnaround time was excellent, and the customer service from Jay was outstanding throughout. I would highly recommend them to anyone looking to get Cyber Essentials accreditation without the usual hassle.”
Alex Greenacre · Artemis Adjusting Ltd - London-based insurance claims adjusting company · Google review ·
“Jay at the Fig group was very helpful in helping my small business though our certification process. He got straight in contact even though it was out of hours and supported me in answering the questions. He even came and looked at some of our equipment when I wasn't sure (can't guarantee that kind of service for everyone!). He went above and beyond and I cannot recommend him enough.”
Simon Gane · Clear Ear Clinic Ltd · Google review ·
“Genuinely impressed with the Cyber Essentials experience via Fig Group. As a two-director UK tech company, we wanted certification done properly rather than superficially. The assessor, Jay Hopkins, was precise, fair, and constructive throughout, the feedback we received on our first submission was proportionate and gave us a clear path to remediation rather than a blanket rejection. The whole process from registration to certificate took under a week, and the end result is a real uplift in our security posture, not just a box-ticking exercise. The free cyber liability insurance included for businesses under £20m turnover is a meaningful additional benefit. Highly recommended for any UK SME looking to take cyber security seriously.”
Mahesh Pappu · Google review ·
Certified in Under 6 Hours
The fastest Cyber Essentials certification in the UK - guaranteed within 6 hours for compliant submissions
Fig Group
6 hours
guaranteed on compliant submissions
Rest of UK industry
24-72 hrs
typical published turnaround
Speed matters most in four situations:
Use case 01
Tender deadlines
Meet urgent bid requirements.
Use case 02
Client requirements
Satisfy supply-chain obligations.
Use case 03
Insurance prerequisites
Unlock better cyber insurance.
Use case 04
Contract preparation
Prove controls before signing.
Under 6 hours from self-assessment submission - The fastest Cyber Essentials certification in the UK for compliant submissions.
Structured feedback - Fig provides structured feedback up to 3x on your self-assessment submission, helping you pass and receive your certificate within hours.
Competitively priced - With pricing from £299.99 + VAT, Fig is among the most competitive IASME-licensed certification bodies in the UK.
What is Cyber Essentials?
A foundational certification scheme backed by the UK government and NCSC
Cyber Essentials, defined
The UK government's foundational cybersecurity certification scheme - independent validation that an organisation has implemented the controls needed to defend against the most common cyber attacks.
Required by many UK government contracts handling sensitive data, and increasingly expected across private-sector supply chains.
Developed by
IASME, in partnership with the UK government and the National Cyber Security Centre (NCSC).
What it validates
Five core technical security controls - listed to the right.
Required for
UK government contracts handling sensitive data; increasingly required by private-sector buyers.
Fig accreditation
IASME-licensed certification body authorised for both Cyber Essentials and Cyber Essentials Plus.
Recognised by government and critical infrastructure bodies
Supports ISO 27001, NIS2, and other compliance frameworks
Improves insurance premiums and customer trust
Five Control Categories
1
Firewalls and internet gateways
Control inbound and outbound internet access at the boundary
2
Secure configuration
Harden systems and remove unnecessary services
3
User access control
Implement strong authentication and privileges
4
Malware protection
Deploy and maintain anti-malware solutions
5
Security update management
Keep software and devices updated with security patches
Cyber Essentials or Plus?
Choose the certification level that fits your needs
Self-assessed
Cyber Essentials
£299.99+ex VAT
IASME questionnaire reviewed by a Fig assessor. Six-hour SLA on compliant submissions - the fastest in the UK.
Turnaround: within 6 hours for compliant submissions
Independent technical audit
Cyber Essentials Plus
£1,499+ex VAT
Adds external vulnerability scanning and a sampled technical audit on top of the same five controls.
Turnaround: 1-3 working days
Both certificates are valid for 12 months and carry the same NCSC badge.
| Feature | Cyber Essentials | CE Plus |
|---|---|---|
| Assessment type | Self-assessed | Third-party verified |
| External audit | - | |
| Vulnerability scan | - | |
| Certification validity | 1 year | 1 year |
| Best for | Quick, foundational proof | Enterprise & government bids |
Why Choose Fig as Your Certification Body?
IASME-licensed, transparent, and built for modern organisations
About Fig Group
An IASME-licensed Cyber Essentials certification body authorised to assess organisations for both Cyber Essentials and Cyber Essentials Plus.
Accreditation
IASME-licensed for Cyber Essentials and Cyber Essentials Plus, under the NCSC-backed scheme.
Pricing
Fully published. No hidden fees, no post-purchase surprises, no mandatory consultancy.
Coverage
UK-wide - from micro organisations to large enterprises, across all four organisation-size tiers.
Support
Dedicated team available throughout the process for questions and guidance.
What Sets Fig Apart
IASME-licensed certification body
Transparent pricing - all costs shown upfront
Structured feedback up to 3x on your self-assessment to ensure you receive your certificate the same working day
Readiness checker to identify gaps before assessment
UK-wide coverage - not limited to London
Dedicated support throughout the certification process
What Changed in Cyber Essentials v3.3
Key updates effective 28 April 2026 under the NCSC requirements
Effective 28 April 2026Cyber Essentials v3.3
The headline change: mandatory multi-factor authentication on every user account with access to organisational data or services.
Applies to cloud services, remote access, and administrative accounts without exception. All assessments completed from 28 April 2026 onwards must meet the v3.3 requirements.
Mandatory MFA
Multi-factor authentication is required for all user accounts accessing organisational data, cloud services, and remote systems. Applies to assessments from 28 April 2026.
Updated Scope Rules
Clearer guidance on which devices and services are in scope, including personal devices used for work (BYOD) and home routers for remote workers.
Cloud Service Obligations
Organisations must now demonstrate that cloud services are configured securely, with explicit requirements for SaaS, IaaS, and PaaS providers.
The Cyber Essentials Assessment Process
What to expect when you certify with Fig
How certification works
Three steps from purchase to certificate, certified within six hours of a compliant submission.
Used forGovernment contractsSupply-chain requirementsInternal compliance
Step 1 · ~5 minutes
Choose level and pay
Select Cyber Essentials (self-assessed) or Cyber Essentials Plus (third-party verified), choose your organisation size band, and check out securely. Confirmation and access details land in your inbox immediately.
From £299.99 + VATStripe checkoutIASME-licensed
Step 2 · Under 6 hours
Complete the assessment
For Cyber Essentials, submit the questionnaire and an IASME-licensed assessor reviews it - compliant submissions return within 6 working hours. For Plus, an external auditor runs a technical audit including vulnerability scanning and control verification, typically 1-3 days.
6-hour SLA3 free re-submissionsv3.3 ready
Step 3 · 12-month validity
Receive certification
Once approved, your Cyber Essentials certificate is issued and listed on the official NCSC register. If any controls need remediation, you'll get clear, actionable feedback and can resubmit at no extra cost.
NCSC register£25k cyber coverFree renewal reminder
Watch: How to Get Cyber Essentials Certified
Video by IASME - the accreditation body behind Cyber Essentials certification.
When you need Cyber Essentials
Three buying contexts where certification is most often required
Public sector
Government contracts
Under Procurement Policy Note 014/21, Cyber Essentials may be required for UK central government contracts involving sensitive or personal information. The requirement applies contract by contract. If you need certification to meet a tender deadline, Fig certifies in under 6 hours from compliant self-assessment submission.
Private sector
Supply chains and insurance
Private-sector buyers increasingly require Cyber Essentials as part of supply chain risk management. Certification can also improve terms on cyber insurance policies. If clients ask whether you meet basic cybersecurity standards, Cyber Essentials provides independently verified proof.
Higher value
When CE Plus is preferred
For higher-value or higher-risk contracts, Cyber Essentials Plus is increasingly preferred because it adds third-party verification rather than self-assessment alone. If you are bidding for government work or higher-tier supply chain roles, speak to our team about the right certification level.
Technical Guides
In-depth guides written by our IASME-licensed assessor to help you prepare
Cyber Essentials v3.3 MFA Requirement: What You Need to Know
The v3.3 update to Cyber Essentials makes multi-factor authentication mandatory for all user accounts. Here is what changed, who is affected, and how to comply.
The 14-Day Patching Rule: What It Actually Says and How to Stay Compliant
The 14-day patching requirement is the single most common reason Cyber Essentials submissions fail first time. Here is what the rule actually says, when the clock starts, and how to evidence compliance when users are on holiday, vendors are slow, and legacy systems will not update.
Cyber Essentials Firewall Requirements: What Assessors Actually Check
The firewall question looks simple but fails more submissions than people expect. This guide covers boundary firewalls, software firewalls, home routers for remote workers (now in scope under v3.3), default credentials, and the cloud firewall configuration assessors expect in 2026.
Secure Configuration for Cyber Essentials: The Controls Assessors Expect to See
Secure configuration is the control area with the broadest scope and the most room for getting details wrong. This guide covers default passwords, auto-run, unnecessary software, cloud service configuration, and the specific settings assessors check against v3.3 (effective 28 April 2026).
Malware Protection for Cyber Essentials: What Qualifies and What Does Not
Malware protection looks simple - "we have antivirus" - but the question set asks specifically about configuration, coverage, and fallback approaches. This guide covers what qualifies under v3.3, including the application allow-listing alternative and the most common mistakes during assessment.
MFA for Microsoft 365: the Cyber Essentials v3.3 configuration
The step-by-step Microsoft 365 MFA configuration that passes Cyber Essentials v3.3 first time. Security Defaults vs Conditional Access, number-matching, admin hardening, and the legacy-auth question.
MFA for Google Workspace: the Cyber Essentials v3.3 setup
Google Workspace 2-Step Verification (2SV) configuration that passes Cyber Essentials v3.3: user rollout, admin hardening, and closing the "less secure app access" loophole.
MFA conditional access under Cyber Essentials v3.3: what works, what fails
Conditional-access policies that pass v3.3 vs those that fail. Trusted IP exemptions, device-based trust, Intune compliance, and why "require MFA unless trusted network" now fails most assessments.
Industries We Certify
Sector-specific guides covering how Cyber Essentials applies to your industry
Cyber Essentials by UK city
Local guidance for the cities and regions Fig Group certifies most often.
Find your nearest location
Pick the city closest to your organisation. Each page covers local pricing, the six-hour turnaround, and the sector context for that region.
Local pricing
Same published flat fee, regardless of city or postcode.
Six-hour SLA
Compliant submissions return certified within six working hours.
Sector context
Financial services, legal, MSPs, and government supply chains - by city.
ManchesterCyber Essentials guideBirminghamCyber Essentials guideLeedsCyber Essentials guideBristolCyber Essentials guideLiverpoolCyber Essentials guideNewcastleCyber Essentials guideSheffieldCyber Essentials guideNottinghamCyber Essentials guideCambridgeCyber Essentials guideOxfordCyber Essentials guideReadingCyber Essentials guideMilton KeynesCyber Essentials guideSouthamptonCyber Essentials guidePortsmouthCyber Essentials guideEdinburghCyber Essentials guideGlasgowCyber Essentials guideCardiffCyber Essentials guideBelfastCyber Essentials guideCheltenhamCyber Essentials guidePlymouthCyber Essentials guideAberdeenCyber Essentials guideNorwichCyber Essentials guideGuildfordCyber Essentials guideWokingCyber Essentials guideSloughCyber Essentials guideTelfordCyber Essentials guideSalisburyCyber Essentials guideStevenageCyber Essentials guide
Test Your Readiness
Use our self-assessment tool to identify gaps before formal certification
The readiness checker will load when this section is in view.
From Cyber Essentials to ISO 27001
Use your Cyber Essentials evidence as a foundation for broader compliance
Start here
Cyber Essentials
Five core security control categories - access control, patch management, secure configuration, malware protection, and firewalls - all mapped directly to ISO 27001 controls.
Practical, achievable first step. Certification in 6 hours for compliant submissions.
Progress to
ISO 27001
The international standard for information security management. Reuse your CE evidence and controls as a foundation, reducing duplication and shortening the path to certification.
When your business requirements demand a broader ISMS, your CE work already counts.
Fig supports 65+ compliance frameworks - ISO 27001, NIS2, GDPR, SOC 2, CMMC and more.
Cyber Essentials vs ISO 27001Ready for More?
Cyber Essentials is just the beginning
Fig supports 65+ compliance frameworks including ISO 27001, NIS2, GDPR, SOC 2, CMMC, and more.
Once certified with Cyber Essentials, use your evidence and controls to accelerate compliance with other frameworks. MSPs can offer Cyber Essentials at scale.
Explore All SolutionsFrequently Asked Questions
Everything you need to know about Cyber Essentials
What is Cyber Essentials?
Cyber Essentials is a UK government-backed certification scheme that validates five technical cyber controls: firewalls, secure configuration, user access control, malware protection, and security update management. It is administered by IASME on behalf of the NCSC.
What is Cyber Essentials Plus?
Cyber Essentials Plus adds an independent technical audit - external vulnerability scan, device configuration check, MFA verification - on top of the CE self-assessment. Plus is required by many UK government contracts and most large enterprise supply chains.
How much does Cyber Essentials cost in the UK?
UK Cyber Essentials fees are set by each IASME-licensed Certification Body within the IASME-published headcount tiers (Micro 1-9, Small 10-49, Medium 50-249, Large 250+). Fig Group prices Cyber Essentials from £299.99 + VAT for Micro, rising to £399.99 (Small), £449.99 (Medium), and £549.99 (Large), with all tiers set below the standard IASME certification body fee.
How fast is Fig Cyber Essentials certification?
Fig publishes a 6-hour turnaround guarantee for compliant Cyber Essentials submissions made before midday on a UK business day. If the submission needs edits, the clock pauses while you fix them and resumes on re-submission.
What is Cyber Essentials v3.3?
v3.3 is the Cyber Essentials scheme version effective from 28 April 2026. It adds mandatory multi-factor authentication on every user account, clearer BYOD and cloud-service scoping, and tightens remote-worker home-router expectations.
Is MFA mandatory under v3.3?
Yes. Multi-factor authentication is mandatory on every user account that accesses organisational data on or after 28 April 2026. This includes cloud services, email, admin accounts, remote access, and line-of-business SaaS applications.
What is in scope for Cyber Essentials?
Every device and service used to access organisational data: laptops, desktops, phones, tablets, cloud services, home routers for remote workers (under v3.3), and corporate network equipment. Anything that does not access organisational data is not in scope.
How long is a Cyber Essentials certificate valid?
Twelve months from the assessment date. On the anniversary the certificate lapses with no grace period. Most organisations re-certify 14 days before expiry to protect contract continuity.
What happens if my Cyber Essentials lapses?
You are removed from the NCSC register and are no longer certified for contract purposes. Re-certification restores the listing; if you have already done the readiness work, the renewal questionnaire is typically much shorter than the initial submission.
Is Cyber Essentials mandatory for UK government contracts?
Under PPN 014/21 it is required for central government contracts that handle sensitive or personal information. The specific requirement varies by contract; some require CE, some require CE Plus. Always check the bid documentation.
What is the difference between Cyber Essentials and ISO 27001?
Cyber Essentials covers five technical controls. ISO 27001 is a full information security management system with 93 Annex A controls, policies, risk processes, internal audits, and a formal multi-day certification audit. For a practical buyer-focused breakdown, see /blog/cyber-essentials-vs-iso-27001-which-does-your-customer-actually-want.
Can our MSP get Cyber Essentials on our behalf?
Cyber Essentials is certified per organisation, not per MSP. Your MSP can manage the assessment and remediation, but your organisation signs the attestation and holds the certificate.
Who needs Cyber Essentials certification?
Three buyer contexts drive most CE certification: UK suppliers covered by PPN 014/21 government procurement; supply-chain vendors where a tier-one customer mandates CE in contract; and regulated firms (SJP partner practices, FCA-regulated firms, NHS suppliers) where certification is contractually expected. Insurers also increasingly request CE evidence at PI quote and renewal.
The Cyber Essentials library
Every article we've written on the scheme, grouped by topic. Written by Jay Hopkins, IASME-licensed Cyber Essentials assessor.
Start here - fundamentals1
Price, cost and speed16
- Best UK Cyber Essentials Body for Compliance Automation: Cheapest and Fastest Among IASME-Licensed Bodies That Offer Both
- How to become a Cyber Essentials assessor: the IASME requirements and the fastest route (2026)
- Cyber Essentials Cost by UK Region - Ayrshire to Zetland
- Cyber Essentials Plus Cost UK 2026 - Full Pricing Breakdown
- Which Cyber Essentials Bodies Actually Offer Same-Day Certification?
- The Cheapest IASME-Licensed Certification Bodies for Cyber Essentials
- Cyber Essentials Turnaround Times: Every Major UK Body Compared
- Fig Group Prices Cyber Essentials Below the Standard IASME Fee. Here Is Why.
- Why Cyber Essentials Certification Costs Less with Fig Group Than the Standard IASME Fee
- Under 6 Hours, Guaranteed: How Fig Group's AI-Powered Platform Delivers the UK's Fastest Cyber Essentials Certification
- Cyber Essentials in Under 6 Hours - Guaranteed. Here Is What That Actually Means.
- How to Get Cyber Essentials Certified in Under 6 Hours
- Cyber Essentials Cost 2026: Complete UK Pricing Guide
- Cyber Essentials Certification Bodies Compared: Speed, Service, and Why Fig Leads
- The Fastest Cyber Essentials Certification Body in the UK: Why Fig Stands Alone
- The Hidden Cost of Slow Cyber Essentials Certification
The five Cyber Essentials controls1
Technical configuration guides36
- Cyber Essentials BYOD rules in 2026: phones, laptops, personal devices
- Cyber Essentials Plus remote audit: how the assessor actually tests your controls
- Multi-factor authentication for Cyber Essentials v3.3: the complete pillar guide
- MFA for Microsoft 365: the Cyber Essentials v3.3 configuration
- MFA for Google Workspace: the Cyber Essentials v3.3 setup
- MFA conditional access under Cyber Essentials v3.3: what works, what fails
- Cyber Essentials v3.3: cloud services scope changes explained
- Cyber Essentials v3.3 and passwordless authentication: what the scheme allows
- Cyber Essentials v3.3 and device unlock: what the scheme expects
- Cyber Essentials v3.3 sub-set scoping: when and how to exclude
- Cyber Essentials v3.3: admin account requirements and the FIDO2 shift
- Cyber Essentials for remote and hybrid workforces: scope, home routers, and what v3.3 actually requires
- Cyber Essentials and patch management (WSUS, Intune, third-party)
- Cyber Essentials and password managers (1Password, Bitwarden, Dashlane)
- Security Update Management for Cyber Essentials v3.3: the complete pillar guide
- Cyber Essentials for Okta: configuration guide
- What Is the Fastest Way to Get Cyber Essentials?
- User Access Control for Cyber Essentials v3.3: the complete pillar guide
- Cyber Essentials for Chromebook / ChromeOS: configuration guide
- Plain English Guide to the April 2026 Cyber Essentials Changes
- Cyber Essentials for Mac / macOS: configuration guide
- Cyber Essentials for Android: configuration guide
- Cyber Essentials for iPhone / iOS: configuration guide
- Cyber Essentials for Kandji: Mac configuration guide
- Cyber Essentials for Jamf Pro: Mac configuration guide
- Cyber Essentials for Microsoft Intune: configuration guide
- Cyber Essentials for Google Cloud (GCP): configuration guide
- Cyber Essentials for AWS: configuration guide
- Cyber Essentials for Microsoft Azure: configuration guide
- Cyber Essentials Tender Deadline Emergency: The 48-Hour Playbook
- Cyber Essentials Scoping: What Is In, What Is Out, and How to Not Get It Wrong
- The 14-Day Patching Rule: What It Actually Says and How to Stay Compliant
- Why Same-Day Cyber Essentials Is Now Possible (And Why It Wasn’t Five Years Ago)
- Malware Protection for Cyber Essentials: What Qualifies and What Does Not
- Secure Configuration for Cyber Essentials: The Controls Assessors Expect to See
- Cyber Essentials Firewall Requirements: What Assessors Actually Check
Compliance & scheme updates (v3.3)16
- How to Get Defence Cyber Certification (DCC): Step-by-Step Guide for UK MOD Suppliers
- DCC Level 0 vs Level 1: Which Defence Cyber Certification Do You Need?
- DCC Scoping Mistakes That Fail Certification (and How to Avoid Them)
- How Long Does Defence Cyber Certification Take? Realistic Timelines for L0 and L1
- Cyber Essentials vs ISO 27001: which does your customer actually want?
- What happens if your Cyber Essentials certificate lapses
- Procurement-team Cyber Essentials checklist: what to require from suppliers
- How to verify a Cyber Essentials certificate: the buyer and procurement-team guide (2026)
- Cyber Essentials for Solicitors and Law Firms: What the SRA Expects in 2026
- Cyber Essentials for Accountants: Protecting Client Financial Data in 2026
- Cyber Essentials Plus for St. James's Place Partners: The Complete Guide
- Cyber Essentials for Government Contracts: The Complete Guide
- Cyber Essentials to ISO 27001: Building Your Compliance Journey
- AI-Powered Compliance: How Codex, Claude, and Copilot Are Transforming Security Operations
- Why MSPs Should Offer Compliance-as-a-Service in 2026
- The NIS2 Directive: What UK Businesses Need to Know in 2026
Questions answered (FAQ / People Also Ask)14
- Does Cyber Essentials protect against ransomware?
- What are the five Cyber Essentials controls?
- Can a sole trader get Cyber Essentials?
- Is Cyber Essentials a legal requirement?
- Does Cyber Essentials cover cloud services?
- What size business needs Cyber Essentials?
- Does Cyber Essentials require a VPN?
- Who needs Cyber Essentials Plus?
- Can I get Cyber Essentials Plus without Cyber Essentials?
- Can small businesses get Cyber Essentials?
- Can you fail Cyber Essentials?
- Does Cyber Essentials cover GDPR?
- Is Cyber Essentials worth it?
- Is Cyber Essentials free?
Compare Fig to other certification bodies14
- UK Cyber Essentials Certification Bodies Compared (2026)
- Best Cyber Essentials Certification Bodies in the UK (2026)
- Cyber Essentials Certification Body Pricing Compared (2026)
- Cyber Essentials vs Cyber Essentials Plus: Which Do You Need?
- Indelible Data review: Cyber Essentials in 2026
- Can you buy Cyber Essentials directly from IASME? (2026)
- Pentest People review: Cyber Essentials in 2026
- NormCyber review: Cyber Essentials in 2026
- QG Management Standards review: Cyber Essentials in 2026
- Cyber Security Associates (CSA) review: Cyber Essentials in 2026
- URM Consulting review: Cyber Essentials in 2026
- IT Governance review: Cyber Essentials in 2026
- Bulletproof review: Cyber Essentials in 2026
- CyberSmart review: Cyber Essentials in 2026
Cyber Essentials by sector16
- DCC vs Cyber Essentials: What UK MOD Suppliers Must Know
- Cyber Essentials for MSPs: The Partner Program That Pays You Margin Without the IASME Licensing Burden
- Cyber Essentials for SaaS companies: the scoping question nobody gets right
- Cyber Essentials for UK law firms with remote counsel and counsel chambers
- Fig Group vs Financial Institutions Group: Clearing Up the Confusion
- Choosing a Cyber Essentials Certified MSP in the UK
- Cyber Essentials for Financial Services: FCA, PRA and Client Expectations
- Cyber Essentials for London Criminal Barristers’ Chambers: What the BSB Does Not Require, But Everyone Is Asking For
- Cyber Essentials for MSPs: Why Certification Is About to Become Non-Negotiable
- Cyber Essentials for Financial Services and Fintech
- Why Does Cyber Essentials Certification Take So Long? It Does Not Have To.
- Cyber Essentials for Schools, Colleges, and Universities
- Cyber Essentials for Construction Companies and Contractors
- Cyber Essentials for NHS Suppliers and Healthcare Organisations
- Fig Group: The Story Behind the Name and Our Mission in MSP Compliance
- Cyber Essentials for Recruitment Agencies: A Practical Guide
Cyber Essentials & cyber insurance1
More from the library22
- Cyber Essentials for charities: how to budget at £299.99 + VAT
- AI-powered Cyber Essentials assessment: what Fig does differently
- What Is Fig Group? The MSP Compliance Platform, Not Financial Institutions Group
- How Long Does Cyber Essentials Take? Honest Timelines for 2026
- London SJP Partner Practices: Navigating the Cyber Essentials Plus Mandate
- How to Choose a Cyber Essentials Assessor: 7 Things to Check
- Cyber Essentials Certification Bodies Based in London
- IASME-Licensed Cyber Essentials Bodies: What to Look For in 2026
- Cyber Essentials for UK Organisations: Choosing the Right Certification Body
- Cyber Essentials Accreditation: the UK guide to getting and keeping your certificate (2026)
- Cyber Essentials for Critical Digital Infrastructure Providers in the UK
- After SJP: Cyber Essentials Is Becoming Standard Across UK Wealth Management
- Cyber Essentials Certificate: what it is, how to get one, and how long it lasts (2026)
- Cyber Essentials for Small Business: A Practical Guide
- Cyber Essentials Online: the complete UK guide for 2026
- Last-Minute Cyber Essentials: Getting Certified Before Your Deadline
- Free Cyber Essentials Readiness Check: Test Your Compliance
- CJSM, Common Platform, and Criminal Chambers: The Digital Security Baseline for 2026
- Cyber Essentials Renewal: What Happens After Year One?
- Cyber Essentials for Estate Agents, Letting Agents, and Property Firms
- No, Fig Group Does Not Stand for Financial Institutions Group
- Cyber Essentials for Charities: A Practical Guide for UK Nonprofit Organisations
Cyber Essentials by UK city28
South East (8)
- Cyber Essentials Slough: the 2026 guide for Slough businesses
- Cyber Essentials Woking: the 2026 guide for Woking businesses
- Cyber Essentials Guildford: the 2026 guide for Guildford businesses
- Cyber Essentials Portsmouth: the 2026 guide for Portsmouth businesses
- Cyber Essentials Southampton: the 2026 guide for Southampton businesses
- Cyber Essentials Milton Keynes: the 2026 guide for MK businesses
- Cyber Essentials Reading: the 2026 guide for Reading businesses
- Cyber Essentials Oxford: the 2026 guide for Oxford businesses
North West (2)
Yorkshire (2)
West Midlands (2)
East of England (3)
South West (4)
Scotland (3)
Northern Ireland (1)
Cyber Essentials trust evidence
The buyer evidence to check before you purchase
This block keeps the commercial claims close to the final decision point: licence, speed, pricing, reviews, and the important difference between Cyber Essentials and Cyber Essentials Plus.
Licence
IASME-licensed certification body
Fig Group publishes its IASME licence evidence, operating entity, and external verification route so buyers can check the certification body before purchase.
Verify IASME licenceSpeed
6-hour CE guarantee
The 6-hour assessor turnaround applies to eligible Cyber Essentials submissions received before midday on a UK business day. It does not apply to Cyber Essentials Plus.
Review speed evidencePricing
Below standard IASME fee
Cyber Essentials pricing is published by tier and mapped against the standard IASME certification body fee, with no mandatory consultancy add-on.
Review price evidenceReviews
Public review evidence
Google review signals and Fig claim evidence are separated from sales copy so procurement teams can verify trust claims independently.
Review rating evidencePractical rule: buy Cyber Essentials when the requirement asks for baseline certification. Buy Cyber Essentials Plus only when the buyer, insurer, or framework specifically asks for the audited technical verification layer.
Start Your Certification Journey Today
Get certified, protect your business, and prove your security controls.